Major credit card breach sees 5 million Americans’ details leak online

Cybersecurity experts have uncovered a credit card breach that threatens to disrupt Christmas shopping for millions of Americans.

Researchers at Leakd.com uncovered an unsecured Amazon Web Services (AWS) ‘S3 bucket’ that was used in a phishing scheme, yet the criminals left it open online.

An S3 bucket is a virtual folder for companies to store customer data, but this instance held the credit card details, names, addresses and emails of five million people who fell victim to a fake companies fake promotions, including a free iPhone.

Experts urged the public to contact their financial service providers as the exposed data poses immediate threats of fraud, unauthorized transactions, and identity theft.

While the party or parties responsible for this trove of scammed credit card information remains unknown, Amazon’s AWS Abuse team is now investigating.

Leaked.com said the culprits were likely involved in a phishing scam: a social engineering hack in which criminals use emails, phone calls or even fake websites posing as a reputable company to trick someone into giving up key personal data.

‘While it’s unknown how long this data has been online, it’s now threatening to disrupt the holiday shopping season for potential victims as well,’ the tech site’s cybersecurity researchers warned.